Essential entity | Significant entity | ||
---|---|---|---|
When are you one? | Large organizations in the 12 critical sectors (including energy, transportation, healthcare) and a few special service providers such as trust service providers | Companies from the same sectors that do not fall below the threshold for "essential" but are still relevant to the economy or security | |
Supervision by authority | Proactive and reactive: scheduled inspections, audits, security scans and ad hoc investigations | Lighter, especially retrospective: only investigate when there are signs of noncompliance or incidents | |
Maximum fine for violation | ≥ € 10 mln or 2% of world sales (whichever is higher) | ≥ € 7 mln or 1.4% of world sales (whichever is higher) | |
Why this difference? | They provide services that are "critical" to society and economy; thus stricter regime | Still important, but lower systemic impact; balance risk and administrative burden |